A German appeals court has held a travel company executive personally responsible for marketing emails sent without the required prior explicit consent. Philipp Rastemborski of Osborne Clarke Münich reports and previews new email marketing penalty provisions in the up and coming amended privacy and electronic communications directive.
Topic: Email marketing
Who: German Supreme Court, the Court of Appeals of Düsseldorf
When: 24 November 2009
Law stated as at: 31 January 2010
In line with recent case law of the German Supreme Court, the Court of Appeals of Düsseldorf ruled on 24 November 2009 that the chief executive officer of a travel company was personally responsible to ensure that each individual on a database of email addresses had explicitly given his prior consent to receiving email advertisements .
In the case at hand, the travel company had bought the database from a data broker. Although the data broker did warrant that all recipients had indicated their consent to the receipt of email marketing materials , the Düsseldorf court found the ceo to be personally responsible to set up and maintain an organisational structure to ensure that email advertisements would be sent only to recipients who explicitly agreed thereto .
The decision is based on Section 7 para. 2, no. 3 UWG (German Act Against Unfair Competition), which implements Art. 13 of the EC Directive 2002/58/EC (Directive on the processing of data and the protection of privacy in the electronic communication sector), which aims to prohibit unsolicited direct marketing.
Even though the executive's personal responsibility to discontinue unfair acts of competition is not new from a German law perspective, the line of reasoning leading to this court ruling certainly is remarkable.
The courts previously held that an individual's reasonability stems from his ability to end the facts and circumstances leading to a breach of law, provided however, that the acts required are proportionate and reasonable in the case in hand. In contrast to this, the new line of reasoning in this case is more focused on a personal liability for negligence.
This new legal assessment will lead to changes in the scope of personal liability. Where in the past, executives were only held liable for deliberate breaches of law, now a merely negligent infringement of legal obligations will be sufficient to give rise to personal liability for damages.
Case coincides with new electronic communications directive
This change in case law coincides with the EU Commission's plans to strengthen enforcement of EU electronic communications laws. The recently signed-off Directive 2009/136/EC, due for implementation across all EU states by 25 May 2011, will amend the Privacy and Electronic Communications Directive 2002/58/EC ("PECD") by adding a new Article 15 a. Under this, Member States will be required to "lay down the rules on penalties, including criminal sanctions where appropriate …", which penalties are to be "effective, proportionate and dissuasive" in order to adequately sanction infringements of the PECD, including the email marketing consent rules at Article 13.
Why this matters:
It remains to be seen, how Member States will implement the requested measures. Yet, even if penalties shall be "effective" and "dissuasive", it is not to be expected that the legal principles of German law on compensation of damages will be changed. The cases show, however, that in cases of unfair competition, the claimant often struggles to demonstrate specific damage.
However, one should expect that deliberate or negligent breaches of section 7 para. 2 no 3. UWG will be sanctioned as an administrative offence in the future. This could lead to personal fines of up to EUR 50,000.00. Therefore, as company executives' personal liability increases in the future it will become even more important for managing staff to be aware of the pitfalls of marketing and data protection law in order to organise and audit the company's operations accordingly.
Philipp Rastemborski, LL.M. (Edinburgh)
Osborne Clarke, Munich